What is enhanced due diligence (EDD) in banking?

Due diligence is the process banks follow when they verify the identity of their customers and ensure that these customers are not involved with money laundering and financial crime. When carrying out due diligence, a bank must: 

• Establish and verify the identity of their customer
• Understand the nature of that customer’s activities
• Assess the money laundering risks associated with that customer
• Monitor their ongoing activities

While the majority of customers will be subjected to a standard level of customer due diligence (CDD), high-risk individuals will go through an enhanced due diligence (EDD) process that is more rigorous and helps mitigate risk.

EDD in banking

EDD in banking is an essential part of the KYC compliance process. It involves gathering information in order to verify the identity of customers and calculate the exact level of money laundering risk each customer poses. During the EDD process, the customer is asked for a much greater amount of information than they are during the CDD process, as this information can be used to mitigate the risks involved.

In general, when carrying out EDD in banking, the Financial Action Task Force (FATF) recommends a risk-based approach whereby “the amount and type of information obtained, and the extent to which this information is verified, must be increased where the risk associated with the business relationship is higher.”

Practical steps for EDD in banking suggested by FATF include:

• Obtaining additional identifying information from a wider variety of robust and independent sources
• Carrying out additional searches (such as verifiable adverse media searches)
• Commissioning an intelligence report on the customer or beneficial owner to improve the understanding of whether that customer or beneficial owner could be involved in criminal activity
• Verifying the source of funds or wealth involved in the business relationship
• Seeking additional information from the customer about the purpose and intended nature of the business relationship

FATF then recommends that the bank implements a risk-based monitoring strategy that can be used to catch suspicious activity or changes in that customer’s risk profile.

What's the difference between EDD and CDD?

There are several differences between customer due diligence and enhanced due diligence. Firstly, CDD and EDD are different tiers of the KYC process.  While CDD involves identifying the customer by checking the data provided against databases and verifying the customer’s identity, EDD in banking goes much further.

Reserved for customers who are deemed to be high risk (such as politically exposed persons and individuals who are subject to sanctions), EDD adds additional steps to the due diligence process. On top of this, customers are required to provide a lot more information.

EDD in banking is far more rigorous than CDD and it’s also much more time consuming for the customer and the bank to carry out.

The exact EDD process varies depending on the jurisdiction the bank operates in, but recommendations from FATF suggest that banks should look to verify the client’s source of funds, put ongoing checks in place that can spot suspicious transactions, screen for adverse media, and keep detailed records of the decision-making process.

What are the three main factors to consider in determining AML risk?

According to FATF guidelines, three factors must be evaluated when assessing the risk of corruption-related money laundering. These are:

• Customer risk factors, such as whether the customer is a politically exposed person
• Geographic risk factors, such as whether the customer is operating in a jurisdiction that has deficiencies in its AML framework or is subject to sanctions
• Product, service, transaction, or delivery channel risk factors, such as whether the customer receives anonymous transactions or receives payments from unknown third parties

Who are high-risk customers?

EDD processes should be carried out for all high-risk customers. These are customers that pose high money laundering or terrorist financing risks and present increased exposure and risks to banks as a result.

How the level of risk posed by each customer is calculated can vary on a case-by-case basis. However, popular variables to consider when creating customer risk profiles include the jurisdiction the customer is based in, the services the customer is attempting to access, and the nature of the customer themselves.

When determining whether EDD processes are necessary, you need to consider whether any of the following risk factors apply:

Customer-related risk factors

• The client is a politically exposed person
• The client’s close relatives and associates are politically exposed persons
• The client does the majority of their business with foreigners or non-residents
• The client runs a cash-intensive business

Territory-related risk factors

• The client is from a country that does not have adequate anti-money laundering (AML) and/or combating the financing of terrorist (CFT) systems in place
• The client is from a country that is subject to sanctions and/or embargoes
• The client is from a country that is notorious for extensive levels of corruption
• The client is from a country that is blacklisted for financing or supporting terrorist activities
• The client is from a country that is a known home for terrorist organizations
• The client is from a country that is not a FATF member

How to conduct enhanced due diligence

The enhanced due diligence process can be quite complex. Due to this, it’s best to break it down into stages. With this in mind, here’s a step-by-step guide explaining how to conduct enhanced due diligence:

Employ a risk-based approach

Following FATF recommendations, you should employ a risk-based approach to CDD and EDD in banking.

Although you require additional information from some high-risk customers, there’s no need to treat every individual in the same manner, so you should tailor your approach on a case-by-case basis. To do this, you should assign each client a risk level or risk score and then carry out the appropriate checks.

How to decide which pieces of information you should ask for should be detailed in your company’s AML compliance policy.

Obtain additional information

Next, you should obtain the additional information you require from your customer. Some of this information may come directly from the customer, while other pieces of information will come from third parties.

If the customer is a politically exposed person, you may ask them for information regarding their title, the positions they hold in a business, and the influence they have. Alternatively, if the client is a business, you may ask them for the identities of board members or articles of incorporation, partnership agreements, and business certificates.

Establish the origin and ultimate beneficial ownership (UBO) of funds

Now you must obtain information that will indicate the origin of your customer’s wealth. In carrying out this part of the process, you need to compare the value of your client’s non-financial and financial assets with that of their real assets to make sure that these figures match. If you spot inconsistencies between their net worth, wealth source, or earnings, then these must be investigated further.

You must also establish the ultimate beneficial ownership of your client’s organization and ensure you’ve verified the identity of this owner.

Transaction tracking

Next, you must analyze your client’s transaction history, including:

• Interested parties
• Transaction processing times
• The purpose and nature of all transactions

During this stage, you should look for any inconsistencies between the projected value of goods and services and the amount paid or received. Mismatches could suggest money laundering.

Check adverse media

Negative news reports about your client can tell you more about their track record and reputation. If you can use these reports to establish that the client has been involved in committing financial crimes before, then this is a big red flag.

Conduct an on-site visit

If you remain unsure about the level of risk a client poses you can also choose to visit them. In doing so, you can verify that their physical business address matches the information they’ve provided.

Similarly, with an on-site visit, you can obtain physical documents from a client, rather than relying on digital copies.

Develop a monitoring strategy

Once you’ve completed all the above steps, you can make a measured decision about the level of risk a client poses. If you decide that this risk level is manageable, you can then develop an ongoing monitoring strategy that you can put in place to help you monitor their transactions and activities.

To create an effective strategy, you must review their transactions in line with the data and information they’ve already provided. Certain transactions may not seem suspicious in isolation, but may form part of a continuous pattern of activities that indicate illicit activity when viewed as a whole.

Create a strategy report

Finally, you should write a report that details your EDD plans.

Within the report, you should include a timetable that indicates when you will carry out the specific monitoring activities you created in the step above, as well as a rundown of how you made the decision to onboard them. You should also include copies of all the pieces of information you’ve obtained. The report should then be stored in a secure location, in case regulators ask to see it in the future.

When should a bank apply customer due diligence?

The customer due diligence process must be carried out for every new customer a bank takes on. Ongoing monitoring must then also be carried out.

However, a bank must use enhanced due diligence procedures if they are doing business with any of the following organizations or individuals:

• Any business in a country on the high-risk third countries list
• A politically exposed person or somebody within their close circle, such as a family member
• A company operating in a sector with a higher risk of money laundering, such as gambling
• A shell corporation
• A company that has been blacklisted or found to have previously funded terrorist activities

Learn more about EDD

If you’re interested in learning more about EDD in banking, then get in touch with our due diligence experts today.

Here at Veriff, we’ve created a number of class-leading customer due diligence solutions that can streamline the process, improve decision-making, and reduce friction. Our AML and KYC compliance solution can be used to verify the identity of customers, screen them against PEP and sanctions watchlists, and check for adverse media. It can then even provide ongoing monitoring.

To discover more about how we can help you, book a free and personalized demo with the team today.